The information security classified protection system is the basic system for information security assurance in China. In the technical requirements for classified-protection operating systems, the autonomous access control mechanism runs through level 1 to level 5 information systems; as the protection level rises, increasing the depth and breadth of that protection is an important part of building a secure operating system. As an information security vendor focused on secure operating system research, Jiaotu Technology adopts a host-type autonomous access control mechanism that meets the classified protection requirements in its flagship product, the JHSE Jiaotu Host Security Environment system. This eliminates the security risks that traditional autonomous access control leaves in the operating system, further raises the operating system's security protection level, and lays a solid foundation for building a level-3 secure operating system.
Defects of the existing autonomous access control mechanism
As is well known, the operating system is an important part of a computer system: it manages computer resources and provides the interface through which users operate the computer. In the operating system, every entity, such as a user, user group, process, file or data item, is called a subject or an object; some entities have both identities. Access control defines the relationship between subjects and objects. Autonomous access control (discretionary access control, DAC) is the access control mechanism most commonly used in operating systems: it allows legitimate users, as individual users or as members of user groups, to access the objects specified by the policy, while blocking unauthorized users from accessing those objects. The existing autonomous access control mechanism is shown in the figure:
A. The super administrator (user group) can modify the access permissions and the owner of any object resource.
B. A subject can modify the access permissions of the object resources it owns and, on its own authority, delegate that control to other subjects.
It should be pointed out that the commercial server operating systems in wide use today belong to class C2, which is below the level-2 operating system security requirements stipulated by national standard GB/T 20272-2006, and they all adopt the traditional autonomous access control mechanism. Under this mechanism the super administrator holds the highest privilege and can perform any operation on all resources of the server; once the super administrator's account and password are stolen by an attacker, the entire operating system may suffer unexpectedly large losses. At the same time, control over an object can be transferred between subjects, so the subject holding access control authority over a given object is uncertain, which makes the operating system difficult to secure.
JHSE autonomous access control combines security and practicality
To enhance the security protection capability of the operating system, Jiaotu's JHSE restructured and extended the operating system security subsystem (SSOOS) so that the SSOOS captures and monitors every access by a subject to an object. In implementing the new SSOOS security functions (SSF), the access monitor can precisely identify the uniqueness of the subject and precisely identify the original owner of the object, defending against various spoofing and illegal operations. JHSE thus corrects the shortcomings of the traditional autonomous access control mechanism and achieves a host-type autonomous access control that meets the classified protection standard, as shown in the figure:
A. When the super administrator (user group) modifies an object's access control list (ACL), the SSOOS intercepts the operation and checks whether the subject performing it is the owner of the object; if not, the operation is rejected.
B. When the super administrator (user group) modifies the owner of an object, the SSOOS intercepts the operation and checks whether the subject performing it is the owner of the object; if not, the operation is rejected.
C. When the owner of an object operates on the object, the SSOOS intercepts the operation and confirms that the subject is the object's owner; it then further checks whether the operation would modify the owner of the object, and such a modification is rejected.
As shown above, under the autonomous access control mechanism built by the JHSE host security environment system, the system assigns an owner (object owner) to each protected object, and that owner is the only subject with the right to modify the object's access control list (ACL). The owner has full control over the corresponding object but cannot transfer that control to any other subject, which keeps control over the object unique. At the same time, the object's creator can grant access permissions on the object to specific users as needed, so the operating system can keep operating normally. The implementation of the host-type autonomous access control mechanism therefore not only ensures the confidentiality, reliability and integrity of data but also supports the efficient operation of the operating system, combining security with practicality.
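As an added illustration (this is not JHSE code and is not from the original article), the following Python simulation contrasts the two policies described above: a traditional discretionary policy in which the super administrator may edit any ACL or owner and owners may transfer ownership, and the host-type policy in which only the owner may edit an ACL and ownership is never transferable, super administrator included. The object name, the user names (root, alice, bob) and the audit log format are constructed for this example; in particular, representing the super administrator group as a single account named root is an assumption.

```python
"""Added example: simulating ACL and ownership decisions under a traditional
discretionary policy and under a host-type policy where the owner is the only
subject allowed to change an object's ACL and ownership cannot be transferred.
All names (root, alice, bob, payroll.db) are constructed for this example."""

from dataclasses import dataclass, field

SUPERUSER = "root"  # assumption: the super administrator group is one account here


@dataclass
class ProtectedObject:
    name: str
    owner: str
    acl: dict = field(default_factory=dict)  # subject -> set of permissions


class ReferenceMonitor:
    """Intercepts every ACL/ownership change and every access and records a decision."""

    def __init__(self, host_type: bool):
        self.host_type = host_type  # True = host-type policy, False = traditional
        self.objects = {}
        self.log = []  # constructed audit log: (operation, subject, object, decision)

    def _record(self, op, subject, name, allowed):
        self.log.append((op, subject, name, "ALLOW" if allowed else "DENY"))
        return allowed

    def create(self, subject, name):
        # The creator becomes the owner and starts with read/write on its own object.
        self.objects[name] = ProtectedObject(name, owner=subject, acl={subject: {"r", "w"}})

    def set_acl(self, subject, name, target, perms):
        """Change the ACL entry of `target`; only the owner may do so under host-type."""
        obj = self.objects[name]
        allowed = subject == obj.owner
        if not self.host_type:
            allowed = allowed or subject == SUPERUSER  # traditional: root is exempt
        if allowed:
            obj.acl[target] = set(perms)
        return self._record("set_acl", subject, name, allowed)

    def set_owner(self, subject, name, new_owner):
        """Transfer ownership; never permitted under host-type, even for the owner or root."""
        obj = self.objects[name]
        allowed = False if self.host_type else (subject == obj.owner or subject == SUPERUSER)
        if allowed:
            obj.owner = new_owner
        return self._record("set_owner", subject, name, allowed)

    def access(self, subject, name, perm):
        """Ordinary access is decided purely by the ACL; root gets no implicit rights."""
        allowed = perm in self.objects[name].acl.get(subject, set())
        return self._record(f"access:{perm}", subject, name, allowed)


def run_scenario(host_type):
    """Play the same sequence of operations under one policy and return the decisions."""
    rm = ReferenceMonitor(host_type)
    rm.create("alice", "payroll.db")
    decisions = {
        # a compromised super administrator tries to give itself rights, then read
        "root_edits_acl": rm.set_acl("root", "payroll.db", "root", "rw"),
        "root_reads": rm.access("root", "payroll.db", "r"),
        # the owner grants a specific user read access (legitimate delegation of access)
        "owner_grants_bob_read": rm.set_acl("alice", "payroll.db", "bob", "r"),
        "bob_reads": rm.access("bob", "payroll.db", "r"),
        # a non-owner tries to widen its own rights
        "bob_edits_acl": rm.set_acl("bob", "payroll.db", "bob", "rw"),
        # root tries to take ownership, then the original owner edits the ACL again
        "root_takes_ownership": rm.set_owner("root", "payroll.db", "root"),
        "owner_edits_acl_after": rm.set_acl("alice", "payroll.db", "bob", "r"),
    }
    return decisions, rm.log


def denied_events(log):
    """Return the audit entries a defender would want to alert on."""
    return [entry for entry in log if entry[3] == "DENY"]


if __name__ == "__main__":
    for policy in (False, True):
        label = "host-type" if policy else "traditional"
        decisions, log = run_scenario(policy)
        print(f"[{label}] {decisions}")
        for entry in denied_events(log):
            print(f"[{label}] DENY {entry}")
```

Under the traditional policy the super administrator succeeds in granting itself access and in seizing ownership, after which the original owner alice can no longer edit her own ACL, which is the "uncertain controlling subject" problem the article describes. Under the host-type policy every one of those attempts is denied while alice's legitimate grant to bob still works, and the denied entries in the log are exactly the events worth auditing.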
Upgrading the operating system security level on the basis of the national standards
For operating system security protection, China has formulated a series of national standards, including GB/T 20271-2006 (Information security technology: common security technical requirements for information systems) and GB/T 20272-2006 (Information security technology: security technical requirements for operating systems; hereinafter "GB/T 20272-2006"), which give users a complete and effective method for designing and implementing autonomous access control. According to GB/T 20272-2006, the autonomous access control of a level-1 operating system allows named users, acting as users, to define and control access to objects and prevents unauthorized users from accessing objects; level-2 and level-3 systems add access control attributes and finer access control granularity on top of the level-1 autonomous access control, and explicitly require that "the owner of an object shall be the only subject with the right to modify the access permissions of the object; the owner shall have full control over the objects it owns, but the owner of the object is not allowed to assign control of the object to other subjects". It can be seen that level-2 and level-3 systems in fact adopt the host-type autonomous access control mechanism.
Based on an in-depth analysis of the security risks of traditional operating systems, Jiaotu Technology applies the host-type autonomous access control mechanism in its JHSE products to enhance operating system security. At the same time, as a professional security product designed in strict accordance with the national classified protection standards, JHSE also adopts a mandatory access control mechanism whose control scope covers users, IP addresses, files, processes, services, shared resources, disks, ports and (on Windows only) the registry. It also supports binding users to processes, refining the control policy down to a specified process of a specified user, to implement fine-grained mandatory access control and ensure the safe operation of the operating system. In addition, JHSE provides security technologies and functions such as dual identity authentication, sensitivity labels, residual information protection and intrusion prevention, fully meeting the national standard's requirements for level-3 operating systems; it helps users build a level-3 secure operating system and promotes the smooth implementation of classified information security protection.